My themes was hacked!

  • sohmc

    (@sohmc)


    15 years ago

    Hello all!

    Sometime yesterday, my site was hacked. Upon further investigation, it looks like someone uploaded a new index.php for my theme.

    Is there a vulnerability somewhere that needs to be patched? I don’t know enough about how WP works to know for sure.

    If you need me to post a zip of my compromised theme directory, let me know.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Doodlebee

    (@doodlebee)

    15 years ago

    Were your file permissions set at 644, folders at 755? Have you contacted the host to see if the compromise definitely came from your site, or someone else’s (if you’re on a shared server)? Do you have passwords that are based on dictionary words? There’s all kinds of things that could be the cause.

    You might take a look at this.

    Thread Starter sohmc

    (@sohmc)

    15 years ago

    File was 644, folders 755. I’m a shared host and not the only one effected. The only commonality between us is that we use WP.

    My passwords are random and at least 16 characters. I always use SSL/SSH to update my site.

    I’m going to hash through the code this weekend to see if I can find anything.

    Doodlebee

    (@doodlebee)

    15 years ago

    Yes, *your* passwords were random and 16 chars, and *your* files and folders were set correctly – but how about everyone else on the server?

    If someone else on the server is compromised, it can easily create a “back door” to affect others on the same server. You should contact your host about this.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘My themes was hacked!’ is closed to new replies.

Tags